Barrier-Focused Approaches to Risk

Analysis -Introduction to Bow Tie Analysis

WorkSafeBC Risk Analysis Unit

Jenny Colman
Jennifer Fung
Mike Tasker
Geoff Thomson
Agenda for the session

Learn the process for creating a bow tie

Introduction to Barrier-focused model of accident

causation/prevention - James Reason Swiss Cheese model

Introduction to Bow Tie Analysis for Hazard/Risk Analysis

Group Exercise – Construct two Bow Tie diagrams

2
1. Introduction to Barrier-focused model of
accident causation/prevention

James Reason Swiss Cheese model

3
Barrier thinking

4
Barrier-based approach

5
6
What are barriers?

• A barrier (sometimes also called a control) can be any measure that

acts against some undesirable force or intention, in order to
maintain a desired state.
• Barriers can be hardware systems, design features, work practices
etc.
• All barriers are not created equal. Some are better and/or more
reliable than others.

Bowtie XP Methodology manual

7
2. Introduction to Bow Tie Analysis
as a Hazard/Risk Analysis Tool

8
Assessment / Analysis Tools You May See…..

• HAZID
• HAZOP
• What-If
• Checklist
• JHA – Job Hazard Analysis
• FMEA - Failure Mode and
Effects Analysis
• LOPA – Layer of Protection
Analysis
• Bow Tie Analysis
9
What is the objective of these analyses?

• Safe Design of Workplace

• Eliminate hazards
• Minimize likelihood / severity of potential incidents
• Effective Controls (Barriers)
• Engineering Controls
• Passive – burst discs, containment berms, fixed guard, etc
• Active – sensors, automated valves, light curtains etc
• Administrative Controls
• Policies, safe work practices (some written), training
• Signage
• Personal Protective Equipment
10
Controls – important considerations

• All controls have administrative elements

• Gas sensors need calibration and maintenance
• Warning alarms require human response
• Workers need to wear correct PPE at right time
• Often controls are part of a control system
• Detect, decide and act
• e.g. gas sensor  computer  warning lights & sirens  worker action
• Controls are never perfect. They can:
• be inadequate, fail, be absent

11
 Who should be involved?

The more diverse it is, the better it is…

• Maintenance
• Operators
• Technical personnel
• Suppliers
• OH&S
• Process engineers

12
What is the Bow Tie model?

Prevention Start
here Mitigation

13
Hazard and Top Event
Hazard
Hazard: A thing, activity, or condition that has the potential to cause
harm

Define the context and scope:

• The specific hazardous thing or activity
• The specific hazardous item
• The specific location of hazard

15
Hazards types
Description Activity Condition Thing
Gasoline stored in a tank
√
• Gasoline stored in tank (T)
Driving chemical tanker truck in urban area
√
• Driving chemical tanker truck in urban area (A)
Load suspended by crane
• Load suspended by crane © √
Biogas in the digester • Biogas in the digester (T) √
Chlorine gas in a pressurized cylinder (T)
Chlorine gas in a pressurized• cylinder √
• Aging building structure ©
Aging building structure √
• Transferring propane (A)
Transferring propane √
16
17
Top Event
Top event: (Major Unwanted Event)
1.Loss of control
2.Loss of containment
3.(or both)

?
18
19
Scope

Too narrow Ideal range Too broad

20
Pictures of biogas process

21
22
Top Event guidelines

•Prior to serious harm being caused

•When normal operation changes to abnormal
•Initiation of the unwanted event (just starting to
occur)
•Typically a loss of control or loss of containment

23
Threats
Threats
Threats: Factor that can cause the top event (i.e. the
triggering action or condition).

25
 Threats - Guidelines
• All should be stand-alone
• Should independently lead to the top event
• Should not be a failure of a control
• Try to capture all credible threats in analysis
• Be specific:
‘Human Error’ – rather, what is the specific action or non-action?
‘Poor weather’ – rather, high wind speeds, sub zero temps etc.
• Note:
If too generic then controls are vague
Threats that are too similar will have the same controls
26
Threats - Lion

27
Threats – Oil & Gas

• Over-pressure
• Under-pressure
• Corrosion
• Erosion
• Impact damage
• Vibration

28
Threats – Crane

29
Consequences
 Consequences

Can be various harmful

outcomes to:

• Person/s
• Equipment/Facility
• Organization

31
 Risk Controls
Barriers / Controls
Prevention Mitigation

34
Barriers / Controls
Prevention barriers (Left)
• To prevent the onset of the top
event
• Sometimes lessen the effect of
the top event
• Include: ‘detect, decide and act’
EFFECTIVE, INDEPENDENT AND AUDITABLE
Mitigation barriers (right)
• Reduce / mitigate the severity
of the consequence (after top
event has happened)
• Sometimes stop the
consequence /outcome from
happening
35
Prevention Barriers
-Lion Example

36
Mitigation Barriers – Lion Example

Emergency response plan

– including…

Training and drills for lion

recovery – including…

37
Prevention or Mitigation?
Top Event/Threat/Consequence Barrier / control Characterization?

Loss of containment – gasket leak Appropriate gasket fitted to specifications PREV

Tank overflow – hydrocarbons affect environment Dike/Berm
MIT
Loss of control of car – driver impacts dashboard Air bag
MIT
Loss of containment – major environmental Detect leak and deploy spill response
pollution equipment MIT
Tank overflow – faulty level gauge Secondary High-High level indicator
PREV
Dropped object - overloaded WWL sensor on crane
PREV
Tank rupture - overpressurization Pressure relief valve
PREV 38
39
Barriers / controls
Administrative barriers can include:
• Specific policies, safe work procedures, practices

Barriers do not generally include:

• Generic instruction
• Generic training
• Generic competency
• Generic inspections

*However, specific instruction, training, and inspections are an integral part of

barrier verification and maintenance
40
Barriers selection – other considerations

• Are barriers appropriate?

• Good engineering practice
• Meet applicable legislation, standards
• Are barriers specific enough to be verified, monitored?
• Are they vulnerable to a common failure mode?
• i.e. power loss defeats all controls for a threat?
• Do they cover a range of engineering and administrative controls?
• Include both passive and active controls?
• Do they include both prevention and mitigation controls?
41
45
Escalation Factors – In Brief

• Bow Tie Analysis can

explore how a barrier could
fail
• This may lead to:
• Measures to minimize
potential for barrier failure
• OR additional barriers may
be added (Layers of
Protection)
• OR barrier may be replaced
with a more reliable one

46
Escalation Factors

• Lion example

47
Prevention Mitigation

49
Critical Controls
50
How Do We Expect Employers to Manage Major
Hazards?

Identify hazards and major incidents

Identify credible causes of incidents (threats)

Implement controls to ensure health and safety

Identify critical controls

Ensure critical controls are effectively managed

51
What is a critical control?

“A control that is crucial to preventing or

mitigating a high consequence event is
critical”

Enform 2016
52
53
 Critical control criteria:
1. Is the control crucial to preventing or minimizing the
consequences of an event?
2. Is it the only control or is it backed up by another control in the
event the first fails?
3. Would it’s absence or failure significantly increase the risk despite
the existence of other controls?
4. Is the control effective for multiple threats or does it mitigate
multiple consequences? Does it repeat in the barrier lines for
multiple threats?

ICCM: Good Practice Guide

54
Preventing the undesired event and mitigating the consequences

Hazard

Critical Critical Critical

Threat Consequence
Control Control Control

Undesired
event

Critical Critical
Threat Consequence
Control Control

Controls that are crucial to preventing or mitigating the consequences of an event

occurring, despite the existence of other controls (ICCM).
 Risk Management Resources
• Established standards and other risk management documents
include:

• OHSAS 18001:2007 (ISO 45001 SMS standard due to be

published in Q1 of 2018)
• CSA Z1000-14 – Safety Management Standard
• CSA SZ1002-12 – Risk Assessment Standard
• ISO 31000 – Risk Management Standard
• ISO 31010 – Risk Management : Risk Assessment
Techniques
• HSG 65 (HSE) – Managing for Health & Safety - Risk
Management Section
56
 References:
• Bow Ties in Risk Management (2018)A concept book for Process Safety.
Center for chemical process safety of the American Institute of
Chemical Engineers and Energy Institute . Wiley Publishing, USA.
• BowTie XP Bowtie Methodology Manual. Revision 16 – July 2017
• A Barrier Focused Approach: How to get started with process safety, Vol
2. Enform 2016
• Health and Safety Critical Control Management: Good Practice Guide.
ICMM International Council on Mining and Metals
• Critical control Management: Implementation Guide. ICMM
International Council on Mining and Metals
• Managing the risks of organizational accidents. James Reason

57
Further Reading on Risk

58
Further Reading on Risk

59